Back to Glossary
Authentication
What is API Key?
A unique identifier used to authenticate requests to an API, which if leaked can grant unauthorized access to services and data.
API keys are the most common — and most commonly leaked — form of machine authentication.
Security Risks
- Accidentally committed to Git repositories (the #1 cause of API key leaks)
- Embedded in client-side code (visible to anyone)
- Shared in plain text via email or chat
- No expiration by default on many services
Best Practices
- Never commit API keys to version control
- Use environment variables or secret management tools
- Rotate keys regularly
- Use scoped keys with minimum required permissions
- Monitor for unauthorized usage
Related Terms
Multi-Factor Authentication
A security method that requires two or more different types of verification: something you know, something you have, or something you are.
OAuth 2.0
An authorization framework that allows third-party applications to access user accounts without sharing passwords, using access tokens instead.
Have more questions?
Use our guided flow to get the right next privacy step for API Key.
Open Guided Flow